Purchase and Expense Manager <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion

codnloc Purchase and Expense Manager

Product Filtering by Categories, Tags, Price Range for WooCommerce <= 1.1.5 - Missing Authorization to Unauthenticated Plugin Settings Modification

markutos987 Product Filtering by Categories, Tags, Price Range for WooCommerce – Filter Plus

Zenost Shortcodes <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

imran3229 Zenost Shortcodes

Animated Pixel Marquee Creator <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter

tekafran Animated Pixel Marquee Creator

LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart <= 1.2.29 - Missing Authorization to Uanuthenticated Privilege Escalation

lazycoders LazyTasks – Project & Task Management with Collaboration, Kanban and Gantt Chart

Category Dropdown List <= 1.0 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

pandikamal03 Category Dropdown List

TWW Protein Calculator <= 1.0.24 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Header' Setting

thewellnessway TWW Protein Calculator

WP Flot <= 0.2.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

ysh WP Flot

评论小秘书 <= 1.3.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

thobian 评论小秘书

Paypal Payment Shortcode <= 1.01 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'buttom_image' Shortcode Attribute

sonlamtn200 Paypal Payment Shortcode

Data Visualizer <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

subhransu-sekhar Data Visualizer

Hide Email Address <= 0.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

buntegiraffe Hide Email Address

DebateMaster <= 1.0.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via Color Options via 'debate' Shortcode

jeremybmerrill DebateMaster

BUKAZU Search widget <= 3.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'shortcode' Shortcode Attribute

bobvanoorschot BUKAZU Search widget

GPXpress <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

davidkeen GPXpress

WP User Manager <= 2.9.12 - Authenticated (Subscriber+) Arbitrary File Deletion via 'current_user_avatar' Parameter

wpusermanager WP User Manager – User Profile Builder & Membership

Premmerce Wishlist for WooCommerce <= 1.1.10 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Wishlist Deletion

premmerce Premmerce Wishlist for WooCommerce

Simple Theme Changer <= 1.0. - Missing Authorization to Plugin Settings Update via AJAX Actions

darendev Simple Theme Changer

Bold Timeline Lite <= 1.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'title' Parameter in 'bold_timeline_group' Shortcode

boldthemes Bold Timeline Lite

Reviews Sorted <= 2.4.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'space' Shortcode Attribute

eurisko Reviews Sorted